Security Experts:

Palo Alto Networks Buys Bridgecrew in ‘Shift Left’ Cloud Security Push

Palo Alto Networks on Tuesday snapped up early-stage startup Bridgecrew, adding a cloud security platform for developers to its $3.4 billion-a-year enterprise product portfolio.

The two sides said the deal is valued at $156 million in cash and is expected to close in the third quarter this year.

For Palo Alto, the deal is part of a strategy to spend big to snap up early-stage companies in the cloud security and DevOps workflow space.  The Bridgecrew deal follows a $420 million purchase of CloudGenix last March and a separate $173 million deal to buy Redlock, both cloud security specialist plays.

For Bridgecrew, an Israel-based venture-backed startup that’s barely two years old, the exit is significant.  Bridgecrew raised a total of $18 million over two funding rounds with public reports pegging its valuation last year at around $40 million.

[ RELATED: Palo Alto Spends $420 Million to Buy CloudGenix ]

The company was founded by serial entrepreneur Idan Tendler with venture capital backing from Battery Ventures, NFX, Tectonic Ventures, DNX Ventures, Sorensen Ventures, and Homeward Ventures. 

Bridgecrew styles itself as a pioneer in Shift Left, the popular practice aimed at finding and preventing defects early in the software delivery process. The idea is to improve quality by moving tasks to the left as early in the software lifecycle as possible, meaning that important security testing is done earlier in the software development process.

Bridgecrew’s security platform, which includes the Checkov open-source scanner, offers developers and DevOps teams a systematic way to enforce infrastructure security standards throughout the development lifecycle. 

[ ALSO READ: Palo Alto Networks to Acquire

Cloud Security Firm RedLock for $173 Million ]

"Shift left security is a must-have in any cloud security platform. Developers don't want to wait until runtime to find out their security is not working, and the CISO charged with protecting the entire organization certainly values higher security from fixing issues earlier in the development lifecycle,” said Palo Alto chief executive Nikesh Arora. 

Palo Also plans to fit Bridgecrew’s technology into its own Prisma Cloud to provide developers with security assessment and enforcement capabilities throughout the DevOps process.

Prisma Cloud is Palo Alto's security platform that sells into the enterprise  cloud security posture management (CSPM) and cloud workload protection platform (CWPP) categories.  

Palo Alto said it would continue to invest in Bridgecrew's open-source initiatives.  

RELATED: Palo Alto Networks Acquires Incident Response Firm Secdo

RELATED: Palo Alto Networks to Acquire CIA-Backed Cloud Security Firm for $300 Million

view counter
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. Ryan is a veteran cybersecurity strategist who has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and GReAT. He is a co-founder of Threatpost and the global SAS conference series. Ryan's past career as a security journalist included bylines at major technology publications including Ziff Davis eWEEK, CBS Interactive's ZDNet, PCMag and PC World. Ryan is a director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world. Follow Ryan on Twitter @ryanaraine.